This is an interesting problem.
"The operating system must enforce dual authorization for movement and/or deletion of all audit information, when such movement or deletion is not part of an authorized automatic process."
But you know, what they asked for is not really a fantasy but a legitimate request for security of data. If you have a safety deposit box at a bank you need two (2) keys to open that box - one key used by "The Keeper of the Boxes" and the other which you have. The request made to Lew is nothing more than trying to implement the same requirement to data held in files located on computers (be they servers or otherwise).
I'd look at using hardware encrypted flash or SSD either attached directly to the existing system or via a small SBC (Raspberry Pi) mounted in a 3.5" disk bay or directly onto the chassis. That might even do for an rsyslogd approach. Depends on how much disk space you need and lots of other factors so it's only my 2p worth. I could easily spend some time working a solution.
Happy Solstice to all!
Phil Vossler
"......sooner or later that day comes and you can't hide from the things that you've done anymore." William Adama BSG